unable to find valid certification path to requested target

[Nikos Skalis]

hi, 

I have go-server and go-agent running on the same server, I wanted to add a second agent, and I noticed that the GO_SERVER_URL had been renamed to

wrapper.app.parameter.100=-serverUrl
wrapper.app.parameter.101=https://x.x.x.x:8154/go

what I don't know is from where the https came from, I have used two certificates 

1. for nginx serving the web app (agnostic to GoCD) 
   
2. for the ldaps authentication part (using keytool)
   

when trying to add the second agent I see the following error:

2020-05-11 21:02:10,140 ERROR [WrapperJarAppMain] ServerBinaryDownloader:88 - Couldn't update admin/agent-launcher.jar. Sleeping for 1m. Error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

can you advise where to look and how to fix this ?

with kind regards,

Nikos

[Aravind SV]

Which release of GoCD is this?

A lot has changed around this in 20.2.0: https://github.com/gocd/gocd/issues/7872

tl; dr: Port 8154 won't be available any more soon and TLS termination will have to be done via something like nginx.

In your case, the certificate for LDAPs is unlikely to be the one causing this issue. Maybe rename the config/ directory in the agent, so that any old keys it has downloaded are removed, to see if it helps?

Cheers,
Aravind

On Tue, May 12, 2020 at 00:27:47 -0700, Nikos Skalis wrote:
> I have go-server and go-agent running on the same server, I wanted to add a

> second agent, and I noticed that the *GO_SERVER_URL* had been renamed to

>
> wrapper.app.parameter.100=-serverUrl
> wrapper.app.parameter.101=https://x.x.x.x:8154/go
>
>
> what I don't know is from where the https came from, I have used two
> certificates
>

> 1. for nginx serving the web app (agnostic to GoCD)
> 2. for the ldaps authentication part (using keytool)